Understanding CORS: Cross-Origin Resource Sharing for Frontend Security

Sign in to solve this problem

Track your progress, run tests, and get AI feedback

Run code and see test results
Submit and get AI-powered feedback
Track which problems you've solved

Theory

easy

Easy

frontend

web-security

networking

HTTP

CORS

browser-api

interview-prep

theory

Overview

Cross-Origin Resource Sharing (CORS) is a critical browser security feature that governs how web pages in one domain can request resources from a server in a different domain. For frontend developers, encountering and understanding CORS errors is a common rite of passage, highlighting its importance in securing web applications while enabling legitimate cross-origin communication. This question explores the fundamental mechanisms and implications of CORS.

What you need to do / Task

Provide a written response explaining the concepts and mechanisms of CORS, supported by a concrete example.

The question

Explain what Cross-Origin Resource Sharing (CORS) is, why it's necessary for web security, and describe its core mechanisms. Provide a concrete example of a scenario where CORS would be involved and how it prevents or allows the interaction.

What a strong answer covers

A clear definition of CORS and its purpose.
Explanation of the Same-Origin Policy (SOP) and how CORS extends it.
Description of simple requests versus preflighted requests, including the HTTP methods and headers involved in each.
A practical example illustrating a cross-origin request, a potential CORS error, and how it's resolved.
Common CORS-related HTTP headers (Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, etc.).

Examples

Example 1

Input:

Describe CORS and its mechanisms with an example.

Output:

Define CORS and its role in web security, linked to the Same-Origin Policy.
Explain simple vs. preflight requests, detailing methods and headers.
Provide a practical scenario where a frontend app on app.com fetches data from api.com, illustrating a CORS issue and its resolution.

Constraints

Constraints & assumptions

Your response should be a concise, well-structured explanation, approximately 250-400 words.
Focus on conceptual understanding; no code examples are required.
Assume the audience is familiar with basic HTTP concepts (requests, responses, headers).
Address both the client-side (browser) and server-side (resource provider) roles in CORS.

What graders evaluate

Conceptual Accuracy: Correctly defines CORS, Same-Origin Policy, and its mechanisms.
Clarity and Structure: The explanation is easy to follow, logically organized, and uses precise terminology.
Completeness: Covers all aspects requested in the prompt, including preflight requests and common headers.
Relevance of Example: The provided example clearly illustrates a real-world CORS scenario.